The fast food chain Wendy's said it is investigating a possible credit card breach at various East Coast and Midwest restaurant locations in response to fraud reports from various sources within the financial industry.
Bob Bertini, a spokesperson for Wendy's, said the company started getting reports earlier in January from payment industry contacts about a potential breach. Wendy's then hired a security firm to look into the claims. It is too soon, however, to determine the scope of the incident, whether it's been contained, how long it may have persisted and how many stores may have been affected.
"Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants," Bertini said in a prepared statement. "We've hired a cybersecurity firm and launched a comprehensive and active investigation that's underway to try to determine the facts. We began investigating immediately, and the period of time we're looking at [for] the incidents is late last year, we know it's [affecting] some restaurants but it's not appropriate just yet to speculate on anything in terms of scope."
In a blog post, cybersecurity expert Brian Krebs reported that when he initially heard from banking industry sources about a possible breach at Wendy's, the reports came mainly from financial institutions in the Midwest. However, the author has since heard similar reports from East Coast banks.
"As of now, the Wendy's breach is speculation – they were alerted by individuals in the banking industry who noticed several credit cards with a matching patch of fraudulent charges that were also used at Wendy's," Dodi Glenn, vice president, cybersecurity at the Sioux City, Iowa-based PC Pitstop, pointed out. "It seems to be contained to select Wendy's stores, and [is] not a company-wide breach."
Glenn explained the high number of transactions that take place during any given day makes restaurants an easy target for credit card hacks.
"POS systems have a lot of security vulnerabilities, making it very easy for hackers to steal credit card information," he said.
He also indicated security practice issues might exist at some Wendy's locations owned by franchisers.
The Wendy's chain includes about 6,500 franchise and company-operated restaurants in the United States, and 28 other countries and U.S. territories worldwide. Bertini said most of the U.S.-operated stores are franchises.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.